Friday, July 30, 2010

SSL/TLS Weak Cipher

While reviewing a Qualys report, I noticed the following finding: "QID: 38140 SSL Server Supports Weak Encryption Vulnerability". Of course, one can verify Qualys findings one cipher at a time using openssl, but in order to verify all supported cipher-MAC combinations, I needed to find an automated tool. Here are some of the useful ones I found:

Qualys SSL Labs - Good choice if you need to generate a presentable report for management.

CryptoNark - In addition to checking SSL ciphers, it also performs an HTTP Track/Trace check and an 'Unsafe' URL check. You will need to install some custom Perl modules to get it working.
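The one-cipher-at-a-time check mentioned above can also be scripted directly. The sketch below is an added example, not code from any of the tools listed: it offers each cipher suite the local OpenSSL build knows, one per handshake, and reports the ones the server accepts. The function names and the 128-bit "weak" threshold are assumptions; set the threshold to match your own policy.

```python
import socket
import ssl
import sys

WEAK_BITS = 128  # assumption: under 128 effective bits counts as "weak"


def candidate_ciphers():
    """(name, strength_bits) for every TLS <= 1.2 suite the local OpenSSL can offer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("ALL:COMPLEMENTOFALL:@SECLEVEL=0")  # include NULL/anon suites
    except ssl.SSLError:
        ctx.set_ciphers("ALL:COMPLEMENTOFALL")  # builds without @SECLEVEL support
    return [(c["name"], c["strength_bits"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def offers(host, port, cipher, timeout=5.0):
    """True if the server completes a handshake when only `cipher` is offered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # testing cipher negotiation, not certificate trust
    # TLS 1.3 suites cannot be disabled via set_ciphers, so cap the version at 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher + ":@SECLEVEL=0")
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass: handshake failure or refusal
        return False


def scan(host, port, probe=offers):
    """Every candidate suite the server accepted, as (name, strength_bits)."""
    return [(n, b) for n, b in candidate_ciphers() if probe(host, port, n)]


def weak(accepted, threshold=WEAK_BITS):
    """Subset of accepted suites below the strength threshold."""
    return [(n, b) for n, b in accepted if b < threshold]


if __name__ == "__main__":
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for name, bits in weak(scan(host, port)):
        print(f"WEAK {bits:>3} bits  {name}")
```

The scan can only offer suites that the local OpenSSL build still ships, so a clean result from a modern client does not prove that the server rejects older export-grade or SSLv2-era suites.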